[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DSA-134-1

Phillip Hofmeister <plhofmei@zionlth.org> writes:

[Not directly in reference to this problem, just some more
information.]

> *TECHNICALLY* every login is root.

Yes, that is how it works in Unix.  People could say that this concept
is not perfect.  Since Debian is not only a GNU/Linux distribution
anymore...

In GNU (that is, GNU/Hurd) things are different: a login happens
without _any_ UID - a concept Unix does not know about.  Your login
program contacts the Hurd "password server", which runs as root and
does nothing beside verifying authentications and giving out
"authentication handles" to processes, which contain Unix UIDs/GIDs.

That is simply the natural way of doing things when you are not only
limited to lower privileges like it is the case in Unix and are able
to raise your privileges.

As a side note: many network daemons could make use of this special
feature to be more secure.

		moritz
-- 
moritz@duesseldorf.ccc.de - http://duesseldorf.ccc.de/~moritz/
GPG fingerprint = 3A14 3923 15BE FD57 FC06  B501 0841 2D7B 6F98 4199


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: